On The Square Emporium

Your Basket

Your basket is empty

Looks like you haven't added any treasures yet!

Start Shopping

Privacy Policy

PRIVACY POLICY

On The Square Auctions Limited trading as On The Square Emporium
Registered in Northern Ireland
Unit A3, Sydenham Business Park, 17 Heron Road, Belfast BT3 9LE
Last Updated: 31st October 2025

INTRODUCTION

Here at On The Square Emporium, we take your privacy very seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, shop with us (online or in-store), enter our competitions, or participate in our promotions.

We will only use your personal information to administer your account and provide the products and services you have requested from us, and where you have consented, to send you marketing communications about our offers and services.

On The Square Auctions Limited is the data controller responsible for your personal information. We are registered in Northern Ireland, and our registered office is at Unit A3, Sydenham Business Park, 17 Heron Road, Belfast BT3 9LE.

Data Protection Officer: Conor Stewart
Email: conor@onthesquareemporium.com
Post: FAO: Data Protection Officer, On The Square Emporium, Unit A3, Sydenham Business Park, 17 Heron Road, Belfast BT3 9LE

1. WHAT INFORMATION WE COLLECT

We may collect, use, store, and transfer different types of personal data about you, including:

1.1. Identity Data

This includes your first name, last name, username, date of birth, and title.

1.2. Contact Data

This includes your billing address, delivery address, email address, and telephone number(s).

1.3. Financial Data

This includes payment card details. However, we do not store your full payment card details ourselves. Payments are processed securely by our third-party payment provider.

1.4. Transaction Data

This includes details about payments to and from you, and details of products and services you have purchased from us.

1.5. Technical Data

This includes your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

1.6. Usage Data

This includes information about how you use our website, products, and services.

1.7. Marketing and Communications Data

This includes your preferences for receiving marketing communications from us and your communication preferences.

1.8. Competition and Promotion Data

This includes information you provide when entering competitions or participating in promotions, such as your answers to entry questions, photographs, videos, social media handles, and any other content you submit.

1.9. Visual Data (for Competition Winners)

This includes photographs, video footage, images, and recordings of your likeness that we may capture or that you provide to us when you win a competition.

1.10. What We Do NOT Collect

We do not collect any special categories of personal data about you (such as details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data). We also do not collect location-based information beyond what is necessary for delivery purposes.

2. HOW WE COLLECT YOUR INFORMATION

We collect personal data through the following methods:

2.1. Direct Interactions

You provide us with your personal data when you:
   • Purchase products from us (online or in-store);
   • Create an account on our website;
   • Subscribe to our mailing list or request marketing materials;
   • Enter a competition or participate in a promotion (such as our Birthday Club);
   • Provide feedback, complete a survey, or contact us with an enquiry;
   • Attend one of our auctions (where applicable).

2.2. Automated Technologies

As you interact with our website, we may automatically collect Technical Data and Usage Data using cookies and similar technologies. Please see our Cookie Policy for more information.

2.3. Third Parties

We may receive personal data about you from third parties, including:
   • Payment processors and delivery companies;
   • Analytics providers (such as Google Analytics);
   • Publicly available sources (such as social media platforms, if you engage with us publicly).

3. HOW WE USE YOUR INFORMATION

We will only use your personal data when the law allows us to. Most commonly, we use your personal data in the following circumstances:

3.1. To Process and Fulfil Your Orders

What we do: Process your payment, arrange delivery or collection, send you order confirmations and updates.
Legal basis: Performance of a contract – it is necessary for us to process your data to fulfil our contractual obligations to you.

3.2. To Communicate with You

What we do: Respond to your enquiries, provide customer service, notify you of changes to our services or terms.
Legal basis: Performance of a contract, legitimate interests (to provide good customer service).

3.3. To Administer Competitions and Promotions

What we do: Process your entry, select winners, distribute prizes, verify eligibility.
Legal basis: Performance of a contract (if entering creates a contractual relationship), legitimate interests (to run our business and promotions).

3.4. To Send You Marketing Communications

What we do: Send you information about our products, services, special offers, promotions (including Birthday Club offers), and events.
Legal basis: Consent – we will only send marketing communications where you have given us your explicit consent. You can withdraw consent at any time.

3.5. To Publish Winner Information and Use Winner Likeness

What we do: Publish your name, photograph, town/city, and prize details on our website, social media, in-store displays, and other marketing materials when you win a competition.
Legal basis: Consent – by entering a competition, you consent to this use of your information and likeness if you win. Legitimate interests (to promote our business and demonstrate the authenticity of our competitions).

3.6. To Improve Our Website and Services

What we do: Analyse how our website is used, test new features, improve user experience.
Legal basis: Legitimate interests (to develop and improve our business and services).

3.7. To Comply with Legal Obligations

What we do: Keep records for tax and accounting purposes, comply with legal and regulatory requirements.
Legal basis: Legal obligation – we are required by law to retain certain information (e.g., for 6 years under UK tax law).

3.8. To Protect Our Business

What we do: Prevent fraud, protect our systems and customers, enforce our terms and conditions.
Legal basis: Legitimate interests (to protect our business and customers from fraud and other illegal activity).

4. MARKETING COMMUNICATIONS

4.1. How We Use Your Data for Marketing

From time to time, we would like to use your name and email address (and other contact details you have provided) to inform you of our future offers, new products, promotions, and similar products that may be of interest to you.

We will only send you marketing communications where you have given us your consent to do so. This includes when you:
   • Tick a box agreeing to receive marketing when making a purchase;
   • Sign up to our mailing list;
   • Enter a competition (where you consent to marketing as part of entry);
   • Join our Birthday Club or other promotional programs.

4.2. Types of Marketing

We may send you marketing communications via:
   • Email
   • SMS/text message
   • Post
   • Telephone

4.3. Third-Party Marketing

We do not share your personal information with third parties for their own marketing purposes. Your information remains with us and is not sold, rented, or traded to external organisations for marketing.

4.4. How to Unsubscribe

You can unsubscribe from marketing communications at any time, free of charge, by:
   • Clicking the “unsubscribe” link at the bottom of any marketing email;
   • Replying “STOP” to any SMS/text message;
   • Contacting us by email at conor@onthesquareemporium.com;
   • Writing to us at our registered office address;
   • Speaking to us in-store.

Important: If you are a member of the Birthday Club and unsubscribe from marketing communications, your Birthday Club membership and associated discount will be terminated.

Please note that even if you unsubscribe from marketing, we may still contact you with important service-related messages (such as order confirmations, delivery updates, or changes to our terms).

5. WHO WE SHARE YOUR INFORMATION WITH

We do not sell your personal data to third parties. However, we may need to share your data with the following categories of recipients:

5.1. Service Providers

We use trusted third-party companies to help us provide our services, including:
   • Payment processors – to process your payments securely;
   • Delivery companies – to deliver your purchases;
   • IT and website hosting providers – to host our website and systems;
   • Email service providers – to send emails on our behalf;
   • Marketing and analytics providers – to help us understand website usage and improve our marketing.

These service providers only have access to the personal data they need to perform their specific functions and are required to keep your data secure and confidential.

5.2. Professional Advisers

We may share your data with professional advisers such as lawyers, accountants, auditors, and insurers who provide services to us.

5.3. Social Media Platforms

When we publish competition winner information on social media (with your consent), your name, photograph, and other details you have agreed to share will be visible on those platforms (e.g., Facebook, Instagram, Twitter, TikTok).

5.4. Law Enforcement and Regulatory Authorities

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court, regulator, or law enforcement agency).

5.5. Business Transfers

If we sell or merge our business (or part of it), your personal data may be transferred to the new owner, who will continue to use it in accordance with this Privacy Policy.

6. WHERE WE STORE YOUR INFORMATION

6.1. Data Location

All personal data we process is processed by our staff in the United Kingdom. For the purposes of IT hosting and maintenance, your information is stored on servers located within the United Kingdom and/or the European Union.

6.2. International Transfers

We do not routinely transfer your personal data outside the UK or EU. If we ever need to do so, we will ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

6.3. Data Security

We have implemented appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
   • Secure servers and encrypted connections;
   • Access controls and password protection;
   • Regular security assessments and updates;
   • Staff training on data protection and security.

While we take all reasonable steps to protect your data, please be aware that no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. HOW LONG WE KEEP YOUR INFORMATION

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.

7.1. Order and Transaction Data

Retention period: Minimum of 6 years from the end of the financial year in which the transaction occurred.
Reason: We are required under UK tax law to keep records of transactions for this period.

7.2. Marketing Data

Retention period: Until you withdraw consent (by unsubscribing), or for a maximum of 3 years from your last interaction with us (e.g., purchase, email open, website visit) if there has been no activity.
Reason: To ensure we only contact people who are genuinely interested in our business and to maintain good data hygiene.

7.3. Competition Entry Data

Retention period: 12 months after the competition ends (for entries that do not win and where you have not consented to marketing).
Reason: To handle any queries or disputes about the competition.

7.4. Winner Publicity Materials

Retention period: Indefinitely (or until you request removal, subject to our legitimate interests).
Reason: To use for ongoing promotional and marketing purposes as you have consented to.

7.5. Website Technical and Usage Data

Retention period: Typically 26 months (in line with Google Analytics default settings), unless you opt out sooner.
Reason: To analyse trends and improve our website over time.

7.6. Inactive Accounts

If you have an online account with us that has been inactive for 3 years or more, we may delete your account and associated data (except where we are required to retain it by law, such as transaction records).

8. YOUR LEGAL RIGHTS

Under UK data protection law (UK GDPR), you have the following rights regarding your personal data:

8.1. Right to Access (Subject Access Request)

You have the right to request a copy of the personal data we hold about you. This is known as a “subject access request.”

8.2. Right to Rectification

You have the right to request that we correct any personal data about you that is inaccurate or incomplete.

8.3. Right to Erasure (“Right to be Forgotten”)

You have the right to request that we delete your personal data in certain circumstances, such as:
   • The data is no longer necessary for the purpose it was collected;
   • You withdraw consent (where consent was the legal basis for processing);
   • You object to processing and there are no overriding legitimate grounds;
   • The data has been unlawfully processed.

Please note that we may not be able to delete your data if we are required to retain it by law (e.g., for tax purposes) or if we have other legitimate grounds to retain it.

8.4. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

8.5. Right to Object

You have the right to object to processing of your personal data where:
   • We are relying on legitimate interests as our legal basis and you believe your rights outweigh our interests;
   • We are processing your data for direct marketing purposes (you can object at any time).

8.6. Right to Data Portability

You have the right to request that we transfer your personal data to you or to another organisation in a commonly used, machine-readable format (where technically feasible).

8.7. Right to Withdraw Consent

Where we are relying on your consent as our legal basis for processing (e.g., for marketing communications or use of your likeness), you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdrew consent.

8.8. Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, if you believe we have not handled your personal data properly.

Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

8.9. How to Exercise Your Rights

To exercise any of your rights, please contact our Data Protection Officer:
Email: conor@onthesquareemporium.com
Post: FAO: Data Protection Officer, On The Square Emporium, Unit A3, Sydenham Business Park, 17 Heron Road, Belfast BT3 9LE

We will respond to your request within one month of receipt. In some cases, this may be extended by a further two months if your request is particularly complex.

You will not normally have to pay a fee to exercise your rights. However, we may charge a reasonable fee or refuse to comply with your request if it is clearly unfounded, repetitive, or excessive.

9. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar tracking technologies to improve your browsing experience, analyse website traffic, and deliver relevant content and advertising.

A cookie is a small text file that is stored on your device when you visit a website. Cookies help websites remember your preferences and understand how you use the site.

9.1. Types of Cookies We Use

Strictly Necessary Cookies: These are essential for the website to function properly (e.g., to process your orders and payments). You cannot opt out of these cookies.
Performance Cookies: These collect information about how you use our website (e.g., which pages you visit most often). This data is aggregated and anonymous.
Functionality Cookies: These allow the website to remember your preferences (e.g., language, region).
Targeting/Advertising Cookies: These track your browsing activity to deliver advertising that is relevant to you and your interests.

9.2. Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

For more detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

10. THIRD-PARTY WEBSITES

Our website may contain links to third-party websites (e.g., social media platforms, payment processors). If you follow a link to any of these websites, please be aware that they have their own privacy policies.

We do not accept any responsibility or liability for the privacy practices of third-party websites. Please check their privacy policies before providing any personal data to them.

11. CHILDREN’S PRIVACY

Our services are not intended for children under the age of 18. We do not knowingly collect personal data from children under 18.

Our competitions and promotions are only open to individuals aged 18 and over.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately, and we will take steps to delete such information.

12. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will update the “Last Updated” date at the top of this policy. If we make significant changes, we may also notify you by email or by posting a prominent notice on our website.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data.

13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Data Protection Officer: Conor Stewart
Email: conor@onthesquareemporium.com
Post: FAO: Data Protection Officer, On The Square Emporium, Unit A3, Sydenham Business Park, 17 Heron Road, Belfast BT3 9LE

We take all privacy concerns seriously and will investigate and respond to your query as quickly as possible.

Last Updated: 31st October 2025

By using our website and services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal data as described herein.